RE: Response Policy Regular Expression Question

Thanks Havard. Appreciate the candor. This was my understanding given the articles and documentation that I reviewed. Dan -Original Message- From: Havard Eidnes Sent: Monday, January 24, 2022 10:13 AM To: LeBlanc, Daniel James Cc: bind-users@lists.isc.org Subject: [EXT]Re: Response

Response Policy Regular Expression Question

Hello All. I am trying to create an NXDOMAIN response-policy for the following example domain: x.yy.*.*.dns.* I have reviewed RFC1034 & RFC4592 and many online articles and blog postings, but thus far have not found anything suggesting that this type of match is possible. Am I expecting too

Recursion Question

Hello All. I have a recursion via forwarder question. Consider the following scenario: - A client sends a query to an internal recursive DNS server for the following A record: 'a.b.c.private.dns.com' - The Recursive DNS server is unaware of this domain and sends the request

Inquiry re: DNS over HTTPS

Hello All. I am interested in whether ISC BIND intends to directly support DNS over HTTPS in the near future, or whether it is expected that users will create an environment to accept the HTTPS request and convert it into a DNS query. Thanks! Daniel J. LeBlanc, P.Eng., MBA, DTME | Senior Netwo

RE: BIND setup for GSLB (Global Service Load Balancing)

Hi Roberto. I am not aware of any inherent capability within ISC BIND to accomplish this. However, the following ideas come to mind (and each has a custom element to it): - Is it possible to create DNS record (NAPTR?) for which a dynamic response is provided that accomplishes this ob

RE: DNSSEC Error Log - named[4132]: managed-keys-zone/“externals”: Unable to fetch DNSKEY set '.': timed out

ell Canada -Original Message- From: Tony Finch [mailto:d...@dotat.at] Sent: August-05-19 11:21 AM To: LeBlanc, Daniel James Cc: ML BIND Users (bind-users@lists.isc.org); Lavigne-Giroux, Simon Subject: [EXT]Re: DNSSEC Error Log - named[4132]: managed-keys-zone/“externals”: Unable to fetch

DNSSEC Error Log - named[4132]: managed-keys-zone/“externals”: Unable to fetch DNSKEY set '.': timed out

Hello All. I am receiving the following log entry a couple of times per hour on my ISC BIND 9.14.0 VMs: named[4132]: managed-keys-zone/“externals”: Unable to fetch DNSKEY set '.': timed out This is occurring only on my authoritative servers and only for the view that I do not have recursion e

RE: DiG - Internal error

Thanks Tony - it is working now. :-) Daniel J. LeBlanc, P.Eng., MBA, DTME | Senior Network Architect | Bell Canada -Original Message- From: Tony Finch [mailto:d...@dotat.at] Sent: June-11-19 11:03 AM To: LeBlanc, Daniel James Cc: ML BIND Users (bind-users@lists.isc.org) Subject: [EXT

DiG - Internal error

Hello. I am using the dig that was created during the compile of BIND 9.14.0 (Stable Release) . I am performing a dig command from and against localhost and that has firewalled access to the Internet but am getting an exit status of 10 and the following textual error: Ø /var/named/bin/dig @

RE: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Alan Clegg Sent: March-18-19 9:12 PM To: bind-users@lists.isc.org Subject: Re: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing On 3/18/19 7:33 PM, LeBlanc, Daniel James wrote: > I have a pair of ISC BIND 9.12.3-P1 servers that are configu

RE: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

does not already have keys in place, then keys will be generated for it according to policy." (p. 219). Thanks! Daniel J. LeBlanc, P.Eng., MBA, DTME | Senior Network Architect | Bell Canada -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: March-18-19 9:17 PM To: Le

RE: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

try this out in the morning. Thanks again! Daniel J. LeBlanc, P.Eng., MBA, DTME | Senior Network Architect | Bell Canada -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: March-18-19 8:40 PM To: LeBlanc, Daniel James Cc: bind-users@lists.isc.org Subject: Re: ISC BIND 9.12.3-P1

ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

Hello All. I have a pair of ISC BIND 9.12.3-P1 servers that are configured as slaves to a pair of Hidden Master servers. The Hidden Masters are a proprietary product and unfortunately when used to sign the zones, the SOA records are not populated as expected. As a result, I was looking into s

RE: DELV 9.12.3-P1 - Issue Loading Trusted Keys

: LeBlanc, Daniel James Cc: bind-users@lists.isc.org Subject: Re: DELV 9.12.3-P1 - Issue Loading Trusted Keys On Wed, Mar 13, 2019 at 06:52:38PM +, LeBlanc, Daniel James wrote: > sudo /var/named/bin/delv @ -a /var/named/keys/trythese.keys > -b127.0.0.1 ansible.test.dnsview.newdomain.bell.ca +

DELV 9.12.3-P1 - Issue Loading Trusted Keys

Hello. I am having difficulty configuring DNSSEC local trust anchors in ISC BIND 9.12.3-P1. In the process of troubleshooting I turned to delv and discovered that for some reason my trusted-keys are not being loaded (if I point delv at the bind.keys file it loads fine so perhaps there is some

RE: TSIG error with BIND9 Views

Hello Roberto. I have built something similar and used a unique TSIG key for each view. This was required in my case as I use the key to select the View. Dan LeBlanc From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Roberto Carna Sent: November-12-18 12:05 PM To: ML BIND